Hello,
I have done reading for the past few days and still can't seem to figure this out. I have read the post below on wireless networking and still no luck.
Here is my info:
As of today, I have the latest UP2Date (can't find exact version number). My network looks like this:
external (ISP)
|
|
astaro----dmz
|
|
internal network
Right now my DMZ doing NAT to get out. I only have one web server and a Cisco AP sitting on it. I only allow port 80 in and out for the webserver in the DMZ. I am trying to set up a VPN connection from any wireless user over the Access Point and allow access to the Internet (possibly the internal network as well). I followed the Road Warrior doc on this site and had no troubles. The client machine has no trouble connecting to the internal interface of Astaro to get authenticated. My only trouble is trying to allow access from only the PPTP-Pool (which I can only limit to the entire DMZ..am I doing that correctly? Is there a way to limit IPs more than an entire range?). I can set up a rule like PPTP-Pool any any allow and it works fine, but so does any random machine that I put in the DMZ that is not authenticated over the VPN connection. I have played with ways to limit only certain protocols as well (for example, GRE and PPTP) with no luck. It seems like and all or nothing thing right now and I'm sure I'm missing something.
I am new to VPN. Sorry for the remedial questions. Since there was nothing in the How-To about the IPSec VPN menu, I didn't touch anything there, and don't think I need to, but thought I would bring it up just in case.
Should I be going about this differently? All I want to do is encrypt wireless traffic and only allow those authenticated over the VPN to get out. I want to block all other outgoing connections on the DMZ (besides the webserver)...this would include blocking users who are able to connect to the access point and are not authenticated through the VPN.
If you need additional information (logs, versions, etc) let me know and I will be glad to post them. You may need to be specific though, since this is all a little new to me.
Not sure if this will help, but here are the logs from my VPN connection:
Feb 6 09:05:42 (none) pppd[8372]: pppd 2.4.0 started by (unknown), uid 0
Feb 6 09:05:42 (none) pppd[8372]: Using interface ppp0
Feb 6 09:05:42 (none) pppd[8372]: Connect: ppp0 /dev/ttyp0
Feb 6 09:05:42 (none) pppd[8372]: No CHAP secret found for authenticating xxxxx on pptp, trying aua with MS-CHAP
Feb 6 09:05:44 (none) aua[8377]: U:crux F[:P]ptp R[:$]K C:961E7F5B52C3A15270081786F0771729:*
Feb 6 09:05:44 (none) pppd[8372]: In secrets file: unrecognized option 'NO_AUA_OPTS_YET'
Feb 6 09:05:44 (none) pppd[8372]: MSCHAP-v2 peer authentication succeeded for xxxxx
Feb 6 09:05:44 (none) pppd[8372]: MPPE 128 bit, stateless compression enabled
Feb 6 09:05:44 (none) pppd[8372]: found interface eth2 for proxy arp
Feb 6 09:05:44 (none) pppd[8372]: local IP address 192.168.1.1
Feb 6 09:05:44 (none) pppd[8372]: remote IP address 192.168.1.2
not sure about the local and remote ip address. i didn't set either of them up...don't seem to be a problem now...
Thanks in advance for any help you may provide.
Take care,
Scott
This thread was automatically locked due to age.
